Package: libproxy
Severity: serious
Tags: security fixed-upstream patch

Hi,

A buffer overflow was discovered in the PAC handling which lacks a sufficient content length check. The following bug report describes the issue and a proposed fix for the 0.3 branch:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4505

This is CVE-2012-4505. Note that a similar issue was discovered earlier in the 0.4 branch (CVE-2012-4504) which does not affect the 0.3 branch (and thus Debian).

Can you please upload a fixed package to unstable and ensure transition to wheezy? Are you able to provide an update for squeeze?

thanks,
Thijs
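The report attributes the overflow to a missing content length check in PAC handling. The following is an added example, not libproxy's code and not the upstream patch, of validating a declared length before allocating and copying a downloaded body; `PAC_MAX_SIZE` and both function names are assumptions made for illustration.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical upper bound on a PAC file; not a libproxy constant. */
#define PAC_MAX_SIZE (512 * 1024)

/* Parse a Content-Length value. Returns 0 and sets *out only when the
 * value is a plain decimal number in 1..PAC_MAX_SIZE, otherwise -1. */
int parse_content_length(const char *value, size_t *out)
{
    char *end;
    unsigned long long n;

    if (value == NULL || *value < '0' || *value > '9')
        return -1;                 /* rejects "", "-1", "+5", " 5" */
    errno = 0;
    n = strtoull(value, &end, 10);
    if (errno == ERANGE || *end != '\0')
        return -1;                 /* numeric overflow or trailing junk */
    if (n == 0 || n > PAC_MAX_SIZE)
        return -1;                 /* empty or oversized body */
    *out = (size_t)n;
    return 0;
}

/* Copy a received body into a fresh buffer of declared+1 bytes.
 * `avail` is the number of bytes actually received. Returns NULL on
 * any validation failure; the caller frees the result. */
char *copy_pac_body(const char *header_value, const char *body, size_t avail)
{
    size_t declared;
    char *buf;

    if (parse_content_length(header_value, &declared) != 0)
        return NULL;
    if (avail < declared)
        return NULL;               /* truncated response */
    buf = malloc(declared + 1);    /* cannot wrap: declared <= PAC_MAX_SIZE */
    if (buf == NULL)
        return NULL;
    memcpy(buf, body, declared);   /* bounded by the validated length */
    buf[declared] = '\0';
    return buf;
}
```

The length is checked once, as an unsigned value with an explicit cap, and every later allocation and copy uses that validated value rather than the raw header.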